js-compute-runtime security vulnerability
js-compute-runtime is a Fastly Compute@Edge JavaScript runtime open-sourced by Fastly. A security vulnerability exists in js-compute-runtime versions 0.4.0 through 0.5.3, which stems from the failure of the Math.random and crypto.getRandomValues methods to use sufficient random values...
CVE-2022-38883
The d8s-math for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0...
PYSEC-2022-43079
The d8s-math for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0...
PYSEC-2022-43121
The d8s-math for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0...
CVE-2022-38883
CVE-2022-38883 concerns the Python package d8s-math on PyPI, with the democritus-strings backdoor in version 0.1.0. The vulnerability, as described by multiple sources (NVD/Red Hat/OSV/Veracode/PYSEC advisories), enables potential remote code execution via the package download/upload mechanism, w...
d8s-stats (=0.1.0) potentially affected by unknown CVE via democritus-math (=2021.1.2801)
democritus-math PYPI version =2021.1.2801 is affected by a known vulnerability. The following packages have a transitive dependency on democritus-math and may be impacted: - d8s-stats =0.1.0 Source cves: unknown CVE Source advisory: SNYK:PYTHON-DEMOCRITUSMATH-8400834...
Malicious Package
Overview: democritus-math is a malicious package. This package is used for dependency confusion attempts and contains malicious code. The package now exists as a placeholder on PyPI. Remediation: Avoid using all malicious instances of the democritus-math package. References: - GitHub Issue - GitHub...
Democritus Project code issue vulnerability
Democritus Project is a collection of simple, effective, modular, fully tested and well-documented features from Democritus, Inc. A security vulnerability exists in Democritus Project d8s-math version 0.1.0, which stems from the presence of a potential code execution backdoor inserted by a third...
PT-2022-24608 · Unknown +1 · Democritus-Strings +1
Name of the Vulnerable Software and Affected Versions: d8s-math version 0.1.0 Description: The d8s-math for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. Recommendations: For version 0.1.0,...
PT-2022-37384 · Pypi · Democritus-Strings +1
Name of the Vulnerable Software and Affected Versions: d8s-math version 0.1.0 Description: The issue concerns a potential code-execution backdoor inserted by a third party into the d8s-math package for Python, distributed on PyPI. The backdoor is identified as the democritus-strings package...
CVE-2022-36015 Integer overflow in math ops in TensorFlow
TensorFlow is an open source platform for machine learning. When RangeSize receives values that do not fit into an int64_t, it crashes. We have patched the issue in GitHub commit 37e64539cd29fcfb814c4451152a60f5d107b0f0. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this...
TensorFlow vulnerable to integer overflow in math ops
Impact: When RangeSize receives values that do not fit into an int64_t, it crashes. C++: auto size = (std::is_integral<T>::value ? ((Eigen::numext::abs(limit - start) + Eigen::numext::abs(delta) - T(1)) / Eigen::numext::abs(delta)) : (Eigen::numext::ceil(Eigen::numext::abs((limit - start) / delta)))); // This check does not...
The vulnerability of the ifilter_bank function in the libfaad/filtbank.c component allows a hacker to trigger a service failure. This vulnerability is present in the Freeware Advanced Audio Decoder 2 (FAAD2) audio decoder.
The vulnerability of the ifilter_bank function in the libfaad/filtbank.c component is related to pointer arithmetic errors. Exploiting this vulnerability allows an attacker to cause a service failure...
WordPress Rank Math SEO Plugin < 1.0.95.1 SSRF Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:rankmath:seo"; if(description...
Rank Math SEO plugin vulnerable to Server-Side Request Forgery
Server-Side Request Forgery (SSRF) vulnerability in Rank Math SEO plugin <= 1.0.95 at WordPress...
GHSA-J95R-86HX-XWXG Rank Math SEO plugin vulnerable to Server-Side Request Forgery
Server-Side Request Forgery (SSRF) vulnerability in Rank Math SEO plugin <= 1.0.95 at WordPress...
CVE-2022-36376
Server-Side Request Forgery (SSRF) vulnerability in Rank Math SEO plugin <= 1.0.95 at WordPress...